[c-nsp] Cat6500 odd arp behavior

Vinny_Abello at Dell.com Vinny_Abello at Dell.com
Wed Jan 30 13:48:45 EST 2013


Thanks Christian. Can you elaborate on what side effects from uRPF I need to be aware of when using the glean HWRL?

-Vinny

-----Original Message-----
From: Christian Meutes [mailto:christian at errxtx.net] 
Sent: Friday, January 25, 2013 10:50 PM
To: Abello, Vinny
Cc: p.mayers at imperial.ac.uk; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cat6500 odd arp behavior

On Jan 25, 2013, at 10:16 PM, <Vinny_Abello at Dell.com> wrote:

> Am I understanding the issue correctly?


I ran into those issues back in 2008 when the CoPP docs weren't
"that" clear about the relationship between CoPP, ARP and the glean
HWRL.

You should mostly be safe when you enable the glean HWRL and,
obviously, don't factor those packets needing ARP in your CoPP
policy as it wouldn't make much sense in terms of security.

What you should be aware of are also side effects when you use uRPF
on these boxes. With the whole family in place, so uRPF, the glean
HWRL and CoPP, you will most likely not be able to fix all falsely
dropped packets due to the platform's restrictions and corner cases.


